We are in a mixed network, which includes a Cisco router, a 3COM switch common to the two networks and a hub where a Linux gateway/firewall computer is connected.
One of the networks is my company network (192.168.X.X / 255.255.0.0; I am in charge of it) and the other network belongs to another company (10.10.X.X / 255.255.0.0). This company has a VPN. Now they are accusing me of being a hacker, alleging we have tried to go into their VPN. As proof of that, they are showing the following type of message:
Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)
Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)
Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71)
Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)
Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71)
Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71)
They have as many as 40 pages of this type of message, presenting this "deny" access as the evidence that we have tried to penetrate their network. Since we are not interested in going into that VPN, nor have we tried to do it, please help me find a technical explanation for the "evidence" they have shown.
Thanks.
- [newbie] Firewall Log Question Eduardo Bencomo
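A parser for the ipchains-style "Packet log" entries quoted in the message above, added here as an example and not part of the original post. It groups entries by source network, destination network, protocol and destination port; the 192.168.0.0/16 and 10.10.0.0/16 ranges come from the post, the function names are hypothetical, and the sample lines are three of the post's entries.

```python
import ipaddress
import re
from collections import Counter

# Layout: chain, action, interface, IP protocol number, source, destination,
# then L= S= I= F= T= fields, an optional SYN marker and the matching rule number.
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")  # poster's network (from the post)
OTHER_NET = ipaddress.ip_network("10.10.0.0/16")    # other company's network (from the post)
PROTO = {6: "tcp", 17: "udp"}
NETBIOS = {137: "netbios-ns", 138: "netbios-dgm"}   # UDP name and datagram services

def classify(addr):
    """Label an address by the network it falls in."""
    ip = ipaddress.ip_address(addr)
    if ip in LOCAL_NET:
        return "192.168/16"
    return "10.10/16" if ip in OTHER_NET else "external"

def parse(line):
    """Return one log entry as a dict, or None if the line is not a packet log."""
    m = LINE.search(line)
    if not m:
        return None
    proto, dport = int(m["proto"]), int(m["dport"])
    return {
        "action": m["action"], "proto": PROTO.get(proto, str(proto)),
        "src_net": classify(m["src"]), "dst_net": classify(m["dst"]),
        "dport": dport, "service": NETBIOS.get(dport, "") if proto == 17 else "",
        "broadcast": ipaddress.ip_address(m["dst"]) == LOCAL_NET.broadcast_address,
        "syn": bool(m["syn"]), "ttl": int(m["ttl"]), "rule": int(m["rule"]),
    }

def summarize(lines):
    """Count entries per (source net, destination net, protocol, destination port)."""
    entries = filter(None, map(parse, lines))
    return Counter((e["src_net"], e["dst_net"], e["proto"], e["dport"]) for e in entries)

SAMPLE = [  # three entries copied from the post
    "Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)",
    "Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)",
    "Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```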